It seems I should be able to

evr000001 · ‎12-09-2014

Hi,

I'm setting up a solution, where access to wireless internet is granted only to a list of mac addresses. It seems MAB security is what I am after. However, before mac address is allowed internet access, I want a user to go through an external and controller-independable registration page.

Consider this flow:

Clientconnects to WLAN, since it's mac address is not allowed, the user is redirected to an external website (http://registration.com, aspx website). Here I ask the user to register an account. Using ip address from the request, I send a CLI command to the WLC controller and learn client's mac address from arp table. Here I need to run another CLI command to add the mac address to the mac database, and inform the user they can access the web.

Few struggles that I'm having now:

1) How to setup web MAB authentication, that, upon failure, redirects the user to an external website?

2) How can I add (white-list?) a mac address to enable it access to the internet?

evr000001 · ‎12-09-2014

It seems I should be able to do this, can anyone elaborate?

1) Layer-2 set to Mac filtering only

2) Upon success - user is granted access

3) Upon failure, falls back to Extrenal Web Auth, which redirects the user to my custom web page

4) Upon registering, I make a postback to the action_url

5) User is authenticated? Is there a way to reset authentication sequence at step 4? I don't really want to register the user. During step 4, I'm sending user's mac address back to WLC via SSH. Since mac address will be present on the WLC after step 4, I would like it to just grant access to the mac address, rather than register the user.

Allowing only a list of mac addresses to connect to the internet?